Xiaokui Shu
Xiaokui Shu
**Describe the bug** The escape rules for STIX pattern are confusing. In order to match ``` [process:command_line = 'C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule'] ``` One need to write the...
There is an interesting difference that hasn't been documented. May need to clarify this in doc. ``` x = GET process FROM stixshifter://hostA WHERE [process:name = 'cmd.exe'] # the following...
In the binder service, we let users to provide `stixshifter.yaml` at the current dir. This does not work when executing a command, only works for auto-completion. This is due to...
**Is your feature request related to a problem? Please describe.** Kestrel allow to use SIGMA engine as an analytics. But we may want to have a dedicated method of calling...
**Describe the bug** When executing the FIND command on the same return variable, the variable is not recreated, but outputs are appended. **Details of the bug** - What is the...
**Is your feature request related to a problem? Please describe.** The current implementation is out-dated and does not clearly provide enough information. **Describe the solution you'd like** 1. turn `Indirect...
https://github.com/microsoft/msticpy Maybe a new analytics interface---a shadow wrapper around the Python analytics interface---to make it easy to access functions/modules in msticpy.
**Describe the bug** If one tries to auto-complete a variable name in STIX pattern for a parameterized pattern, it does not work. **Details of the bug** This is limited to...
thinking about possibility to merge STIX (parameterized STIX) syntax between `kestrel-lang` and `firepit`. this dedup will make future maintenance easier. check the possibility of import in lark.